流沙团
IDA脚本测试
2018-5-6 流沙团
IDA脚本测试



0x001 枚举函数






#include <idc.idc>

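static main() {
    // Walk every function in the database and report its address range,
    // the size of its local-variable area and the size of its argument
    // area. The argument area is everything in the frame structure after
    // the " r" member (IDA's return-address slot); locals and saved
    // registers precede it.
    auto addr, end, args, locals, frame, firstArg, name, ret, ptrsize;
    for (addr = NextFunction(0); addr != BADADDR; addr = NextFunction(addr)) {
        name = Name(addr);
        end = GetFunctionAttr(addr, FUNCATTR_END);
        locals = GetFunctionAttr(addr, FUNCATTR_FRSIZE);
        frame = GetFrame(addr);
        if (frame == -1) continue;           // no frame structure: nothing to measure
        ret = GetMemberOffset(frame, " r");  // offset of the return-address member
        if (ret == -1) continue;
        // Take the slot width from the frame itself instead of hard-coding 4,
        // so the argument arithmetic follows the database's pointer size.
        // Fall back to 4 when the member size cannot be read.
        ptrsize = GetMemberSize(frame, ret);
        if (ptrsize <= 0) ptrsize = 4;
        firstArg = ret + ptrsize;
        args = GetStrucSize(frame) - firstArg;
        Message("Function: %s, starts at %x, ends at %x\n", name, addr, end);
        Message(" Local variable area is %d bytes\n", locals);
        Message(" Arguments occupy %d bytes (%d args)\n", args, args / ptrsize);
    }
}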




0x002 枚举指令




#include <idc.idc>

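static main() {
    // Count the instructions of the function under the cursor and show the
    // total in a dialog; warn when the cursor is not inside a function.
    auto func, end, count, inst;
    func = GetFunctionAttr(ScreenEA(), FUNCATTR_START);
    if (func != -1) {
        end = GetFunctionAttr(func, FUNCATTR_END);
        count = 0;
        // Stop at the function end OR when FindCode reports no further code
        // (BADADDR). Checking only `inst < end` can spin forever on the
        // BADADDR sentinel; the other scripts on this page guard both.
        for (inst = func; inst < end && inst != BADADDR; inst = FindCode(inst, SEARCH_DOWN | SEARCH_NEXT)) {
            count++;
        }
        Warning("%s contains %d instructions\n", Name(func), count);
    }
    else {
        Warning("No function found at location %x", ScreenEA());
    }
}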






0x003  枚举交叉引用




#include <idc.idc>

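static main() {
    // For the function under the cursor, print every call it makes: for each
    // instruction, follow its code references and report those whose xref
    // type is a call (fl_CN near call / fl_CF far call). Jumps are ignored.
    auto func, end, target, inst, name, flags, xref;
    flags = SEARCH_DOWN | SEARCH_NEXT;
    func = GetFunctionAttr(ScreenEA(), FUNCATTR_START);
    if (func != -1) {
        name = Name(func);
        end = GetFunctionAttr(func, FUNCATTR_END);
        // Guard the BADADDR sentinel as well as the end bound, otherwise the
        // loop can keep calling FindCode on BADADDR once no more code exists.
        for (inst = func; inst < end && inst != BADADDR; inst = FindCode(inst, flags)) {
            for (target = Rfirst(inst); target != BADADDR; target = Rnext(inst, target)) {
                xref = XrefType();   // type of the reference just returned by Rfirst/Rnext
                if (xref == fl_CN || xref == fl_CF) {
                    Message("%s calls %s from 0x%x\n", name, Name(target), inst);
                }
            }
        }
    }
    else {
        Warning("No function found at location %x", ScreenEA());
    }
}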





0x004 枚举导出的函数




#include <idc.idc>

static list_callers(bad_func) {
    // Print every call site of the function named `bad_func`, together with
    // the name of the function each call lives in. Only call-type code
    // references (fl_CN / fl_CF) are reported; data and jump references to
    // the symbol are skipped. Useful for auditing where risky string
    // routines are reached from.
    auto callee, site, kind, caller;
    callee = LocByName(bad_func);
    if (callee == BADADDR) {
        Warning("Sorry, %s not found in database", bad_func);
    }
    else {
        site = RfirstB(callee);
        while (site != BADADDR) {
            kind = XrefType();   // type of the reference just produced by RfirstB/RnextB
            if (kind == fl_CN || kind == fl_CF) {
                caller = GetFunctionName(site);
                Message("%s is called from 0x%x in %s\n", bad_func, site, caller);
            }
            site = RnextB(callee, site);
        }
    }
}
static main() {
    // Audit entry point: list the call sites of two unbounded string
    // routines. The names are given as they appear in this database
    // (leading underscore); add further names here to widen the audit.
    list_callers("_strcpy");
    list_callers("_sprintf");
}






0x005  生成idt 文件的脚本



#include <idc.idc>

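static main() {
    // Write an IDT (import definition) file for the database's exported
    // entry points: an ALIGNMENT header, a "0 Name=<input file>" line, then
    // one "<ordinal> Name=<name>" line per exported entry, with
    // " Pascal=<bytes>" appended when the function purges its own arguments
    // (FUNCATTR_ARGSIZE > 0).
    auto entryPoints, i, ord, addr, name, purged, file, fd;
    file = AskFile(1, "*.idt", "Select IDT save file");
    fd = fopen(file, "w");
    if (fd == 0) {
        // fopen yields a zero handle when the file cannot be opened; without
        // this check every fprintf below would write to an invalid handle.
        Warning("Could not open IDT file for writing");
    }
    else {
        entryPoints = GetEntryPointQty();
        fprintf(fd, "ALIGNMENT 4\n");
        fprintf(fd, "0 Name=%s\n", GetInputFile());
        for (i = 0; i < entryPoints; i++) {
            ord = GetEntryOrdinal(i);
            if (ord == 0) continue;
            addr = GetEntryPoint(ord);
            if (ord == addr) {
                continue; // entry point has no ordinal (address is stored in its place)
            }
            name = Name(addr);
            fprintf(fd, "%d Name=%s", ord, name);
            purged = GetFunctionAttr(addr, FUNCATTR_ARGSIZE);
            if (purged > 0) {
                fprintf(fd, " Pascal=%d", purged);
            }
            fprintf(fd, "\n");
        }
        // Close the handle so the output is flushed and the file is not left
        // open for the rest of the IDA session.
        fclose(fd);
    }
}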





0x006 参数的自动识别



版本1



#include <idc.idc>

static main() {
    // Annotate esp-relative stack references in the function under the
    // cursor, provided IDA marked it as having a frame (FUNC_FRAME):
    // a bare [esp] operand is commented "arg_0", and a [esp+N] operand is
    // commented "arg_N" with N the displacement. Only operand 0 is examined.
    auto ea, limit, pos, fflags, optype, disp, search;
    search = SEARCH_DOWN | SEARCH_NEXT;
    ea = GetFunctionAttr(ScreenEA(), FUNCATTR_START);
    fflags = GetFunctionFlags(ea);
    if (fflags & FUNC_FRAME) {
        limit = GetFunctionAttr(ea, FUNCATTR_END);
        while (ea < limit && ea != BADADDR) {
            optype = GetOpType(ea, 0);
            if (optype == 3 && GetOperandValue(ea, 0) == 4) {
                // register-indirect operand (type 3) whose register value is esp
                MakeComm(ea, "arg_0");
            }
            else if (optype == 4) {
                // register + displacement operand (type 4): keep only esp-based ones
                pos = strstr(GetOpnd(ea, 0), "[esp");
                if (pos != -1) {
                    disp = GetOperandValue(ea, 0);
                    MakeComm(ea, form("arg_%d", disp));
                }
            }
            ea = FindCode(ea, search);
        }
    }
}





版本2



#include <idc.idc>

static getArgCount(func) {
    // Number of parameters in the prototype IDA has for `func`, obtained by
    // counting commas in the type string. "()", "( )" and "(void)" count as
    // zero parameters; -1 means no prototype or no parenthesis was found.
    // Commas are counted across the whole string, so nested parameter lists
    // (e.g. a function-pointer parameter) inflate the count.
    auto proto, pos, n;
    proto = GetType(func);
    if (proto == "") return -1;
    if (strstr(proto, "()") != -1 || strstr(proto, "( )") != -1 || strstr(proto, "(void)") != -1) {
        return 0;
    }
    if (strstr(proto, "(") == -1) return -1;
    n = 1;
    pos = strstr(proto, ",");
    while (pos != -1) {
        n++;
        proto = substr(proto, pos + 1, -1);
        pos = strstr(proto, ",");
    }
    return n;
}

static getArg(func, n, nargs) {
    // Return the text of the n-th (1-based) parameter in the prototype IDA
    // has for `func`, given the total parameter count `nargs`. The string is
    // consumed one comma-separated piece at a time; the last piece is cut at
    // the closing parenthesis. Returns "" for an empty/void prototype, when
    // no "(" is present, or when n exceeds nargs. The Message call prints
    // each step and is diagnostic output.
    auto proto, pos, cur;
    proto = GetType(func);
    if (proto == "") return "";
    if (strstr(proto, "()") != -1) return "";
    if (strstr(proto, "( )") != -1) return "";
    if (strstr(proto, "(void)") != -1) return "";
    pos = strstr(proto, "(");
    if (pos == -1) return "";
    cur = 1;
    while (1) {
        proto = substr(proto, pos + 1, -1);   // drop everything up to and including the separator
        Message("%d/%d: %s\n", cur, nargs, proto);
        pos = strstr(proto, ",");
        if (cur == n) {
            if (pos == -1) {
                pos = strstr(proto, ")");     // last parameter: cut at ")"
            }
            return substr(proto, 0, pos);
        }
        cur++;
        if (cur > nargs) break;
    }
    return "";
}

static get_arg(ea, n) {
    // Scan forward from `ea` to the end of its function for the first call
    // (code reference of type fl_CF / fl_CN from operand 0). If that call's
    // target has no prototype, return ""; if it takes fewer than n
    // parameters, keep scanning; otherwise return the text of its n-th
    // parameter via getArg. Returns "" when no suitable call is found.
    // The Message calls are diagnostic output.
    auto limit, callee, kind, nargs;
    limit = GetFunctionAttr(ea, FUNCATTR_END);
    for (; ea < limit && ea != BADADDR; ea = FindCode(ea, SEARCH_DOWN | SEARCH_NEXT)) {
        callee = Rfirst0(ea);
        if (callee == BADADDR) continue;
        kind = XrefType();
        if (kind != fl_CF && kind != fl_CN) continue;
        Message("found call at %x, target is %x\n", ea, callee);
        nargs = getArgCount(callee);
        Message("arg count = %d\n", nargs);
        if (nargs == -1) return "";
        if (n <= nargs) return getArg(callee, n, nargs);
    }
    return "";
}

static main() {
    // Annotate esp-relative operands in the function under the cursor
    // (only when IDA flagged it FUNC_FRAME). A bare [esp] is taken as the
    // first argument of the next call and [esp+N] as argument N/4+1; the
    // comment is the parameter text from that call target's prototype when
    // get_arg can supply it, otherwise the generic "arg_0" / "arg_N".
    auto func, ea, comment, opnd, limit, pos;
    auto fflags, optype, disp;

    func = GetFunctionAttr(ScreenEA(), FUNCATTR_START);
    fflags = GetFunctionFlags(func);
    if (fflags & FUNC_FRAME) {
        limit = GetFunctionAttr(func, FUNCATTR_END);
        ea = func;
        while (ea < limit && ea != BADADDR) {
            optype = GetOpType(ea, 0);
            if (optype == 3 && GetOperandValue(ea, 0) == 4) {
                // register-indirect operand whose register is esp: [esp]
                comment = get_arg(ea, 1);
                if (comment == "") comment = "arg_0";
                MakeComm(ea, comment);
            }
            else if (optype == 4) {
                // register + displacement operand: keep only [esp+N]
                opnd = GetOpnd(ea, 0);
                pos = strstr(opnd, "[esp");
                if (pos != -1) {
                    disp = GetOperandValue(ea, 0);
                    comment = get_arg(ea, disp / 4 + 1);
                    if (comment == "") comment = form("arg_%d", disp);
                    MakeComm(ea, comment);
                }
            }
            ea = FindCode(ea, SEARCH_DOWN | SEARCH_NEXT);
        }
    }
}







0x007 模拟汇编语言行为







// XOR-decode a data region in place: every byte from 0x804B880 through
// 0x804B880 + 0x3C1 (0x3C2 bytes) is replaced by itself XOR 0x4B. The
// register-style version of this loop computed the same address twice
// (in edx and eax); here a single address variable is used.
auto base, off, addr;
base = 0x804B880;
for (off = 0; off <= 0x3C1; off++) {
    addr = base + off;
    PatchByte(addr, Byte(addr) ^ 0x4B);
}


